NTT Ltd has revealed the cybersecurity trends it sees shaping the business technology landscape in 2020. It is a short and very focused list. To help organisations implement them, it has also listed the steps required for adoption. The details are set out in an ebook Future Disrupted: 2020 Technology Trends, which is downloadable from the NTT Ltd website.
Azeem Aleem, VP Consulting Security, NTT Ltd said: “Cyber attacks are happening at machine speed, not human speed. To keep up, organisations will need the help of machines – and data scientists – and this is why we believe Security Orchestration, Automation, and Response will be the hottest area in cybersecurity in the year to come.
“It enables organisations to predict when an attack is going to happen – and fast. In fact, we don’t even talk about proactive security to our clients anymore. We talk about predictive security, which we believe will become essential for delivering an active cyber defence in 2020.”
Defence moving from SIEM to SOAR
For several years the focus for defenders has been on gathering information across all of its systems. That data has been fed into Security Information and Event Management systems. The problem is that these systems have become overwhelmed by the vast amount of data. This has resulted in many organisations not seeing the data they want to prevent attacks.
As attacks increase, there is an increasing need for real-time data. This has led to a rise in organisations adopting SOAR (Security, Orchestration, Automation and Response) solutions. These rely heavily on machine learning to filter alerts and provide actionable intelligence. Faster time to detect an incident means faster response and remediation.
Another benefit of SOAR is predictive security. It allows organisations to get a better idea of where an attack is likely to happen. This is where NTT Ltd will look to engage with customers. With 43% of global Internet traffic going across its network, it is able to see the evolution of attacks across multiple regions. It means that it can provide customers with an early warning of new attacks as they evolve.
The challenge for many organisations will be how to embed this level of intelligence and response into their infrastructure and applications. Given how stretched budgets are, will organisations have the money to do this? The counter argument is can organisations afford not to do this?
Applications are a growing attack vector
Future Disrupted also calls out applications as the new attack vector. Earlier this year NTT Ltd published its 2019 Global Threat Intelligence Report (GTIR). In that it claimed that attacks against applications account for 32% of the hostile traffic it sees.
According to Aleem: “Now that infrastructure is more cloud-based and software-defined, we are entering a world where the application is the easiest way to compromise data. If our latest GTIR is anything to go by, the number of attacks on applications is only going to increase.
“At a minimum, organisations need to regularly evaluate the security hygiene of applications across their entire business and apply the necessary patches – an exercise that can no longer be neglected. Infrastructure will still be a target, however, so organisations also need to test and manage security from the data centre right through to the edge.”
Cloud is both a benefit and a problem
An increasing number of organisations now rely on cloud-based services. They are also adopting cloud-based Managed Security Solutions (MSS). These enable companies to take advantage of the skills sets of MSS providers which lowers the cost of securing their environments. However, not everything is as clear cut.
NTT Ltd believes that the pace of cloud adoptions brings its own problems. Among these are:
- A lack of standardisation: Organisations are finding it hard to create standardised security controls that apply equally to on-premises and cloud. For organisations that are adopting multiple cloud environments, this problem is worse. NTT Ltd believes that security should be applied directly to the workload or application.
- Hyperscalers are part of the problem: Public cloud providers often talk about speed of change and updates across their platform. According to NTT: “This will make it very difficult for organisations to monitor the interactions between humans, machines, data and applications in order to identify patterns and anomalies. Information, context and intelligence therefore need to be applied for a modern and robust security posture.”
- Use Data Wallets to protect data: The explosion of data across organisations makes it hard to contain and secure. Users want easy access while security teams want to lock down access. NTT sees data wallets as the solution. Putting data into a data wallet for users means: Nobody can access that data without certain permissions being in place and, if the user is under threat, can be locked down.
Enterprise Times: What does this mean?
Every day brings more cybersecurity tools and technologies. Picking the right ones can be difficult even for vendors. For most organisations, it is a constant battle to not have a data breach. A significant part of the problem is that they are never sure what tools to buy and how to integrate disparate solutions.
In this look at trends for 2020, NTT Ltd has been careful not to talk about specific tools. It has identified the key areas where it believes organisations can improve their cybersecurity. The question is how will most customers actually get there? Take data wallets as an example. Google the term and very quickly the results head off into the realm of cryptocurrencies. This is not what enterprise IT teams want.
By keeping the list of technologies small, NTT Ltd is setting out an achievable vision for organisations. Will this make it easier for organisations to adopt these technologies?